CN107491692A - A kind of method and system for monitoring Android terminal energy and wasting attack - Google Patents
A kind of method and system for monitoring Android terminal energy and wasting attack Download PDFInfo
- Publication number
- CN107491692A CN107491692A CN201610421647.0A CN201610421647A CN107491692A CN 107491692 A CN107491692 A CN 107491692A CN 201610421647 A CN201610421647 A CN 201610421647A CN 107491692 A CN107491692 A CN 107491692A
- Authority
- CN
- China
- Prior art keywords
- packet
- module
- message
- suspicious
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The present invention relates to mobile network communication field, more particularly to a kind of method and system for monitoring Android terminal energy and wasting attack.The present invention by monitoring Intent message and click event in real time, and to Intent message and click on event progress the matching analysis, it can recognize that malice energy wastes attack process, it especially can effectively identify that new malice energy wastes attack process, when finding that malice energy wastes attack process, system can send alarm, after user receives warning information, can timely processing malice energy waste attack process, mobile phone energy is not consumed maliciously, ensure that the long-term normal table of Android phone user uses.
Description
Technical field
The present invention relates to mobile network communication field, more particularly to a kind of monitoring Android terminal energy to waste attack
Method and system.
Background technology
Power supply is the main device of smart mobile phone, and the length that the energy content of battery continues usage time is to judge that handset capability is good
Bad main standard.Recently start some rogue programs for being directed to cellular phone power supplies Attacks occur, this class method passes through one
A little methods make the meaningless consumption for wasting electricity, accelerating mobile phone energy of mobile phone, influence the use of user.The purpose of this kind of attack has
Attack is wasted, cause evil of the user to rival's product
Comment so as to influence its sales volume;Or produce malice and waste electricity behavior, and the application for power consumption malice being imputed to rival is soft
Part, so as to cause user to produce negative image or even unloading, etc. to the application software.
Android intelligent terminal because the source of user installation application software does not have strict safety review mechanism, because
This is for the unified official APP application shop modes of IOS mobile phones, it is easier to is not intended to install malicious third parties software.
Some existing energy management softwares can monitor the consumption electricity of each application program, but this can not tackle energy expenditure and turn
The attack condition transferred.This kind of attack is not that rogue program wastes electricity by itself, but goes to call other softwares, allows these
Software need not waste electricity in user when its operation.
With the continuous development of technology, the attack of rogue program can be monitored by certain technological means and is blocked
Cut, such as Application No. 201410459220.0《A kind of method and device for intercepting application malice and opening browser》Patent text
Offer, prevent that software from maliciously being opened by obtaining click event and being matched with the application message on blacklist, can keep away
Exempt to be harassed by the unnecessary browser opened using popup web page, improve Consumer's Experience.
But Malware be can constantly update it is increased, if the information in blacklist can not be updated in time and
Safeguard, can not effectively reach the purpose for intercepting malicious attack.
The content of the invention
The technical problems to be solved by the invention are:A kind of method for monitoring Android terminal energy and wasting attack is provided
And system, the malice energy on identification Android phone backstage wastes attack process, and sends alarm.
In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention is:
A kind of method for monitoring Android terminal energy and wasting attack, including:
First message hook is added in the Intent processing modules of Android application framework layers, obtains Intent message;
The second message hook is added in the WindowManagerService modules of Android application framework layers, is obtained
User clicks on event action to mobile phone;
The information that the first message hook passes over is received and handled, generates the first packet;
The information that second message hook passes over is received and handled, generates the second packet;
First packet and second packet are matched, obtains suspicious first packet;
Suspicious first packet is analyzed, obtains analysis result;
According to the analysis result, alarm is sent.
The present invention also provides a kind of system for monitoring Android terminal energy and wasting attack, including:
First message acquisition module, the second message capturing module, the first monitoring modular, the second monitoring modular, matching module,
Analysis module and alarm module;
The first message acquisition module, for adding in the Intent processing modules of Android application framework layers
One message hook, obtain Intent message;
Second message capturing module, for the WindowManagerService moulds in Android application framework layers
The second message hook is added in block, user is obtained and event action is clicked on to mobile phone;
First monitoring modular, for receiving and handling the Intent message, generate the first packet;
Second monitoring modular, for receiving and handling click event, generate the second packet;
The matching module, for matching first packet and second packet, obtain suspicious first data
Bag;
The analysis module, for analyzing suspicious first packet, obtain analysis result;
The alarm module, for according to the analysis result, sending alarm.
The beneficial effects of the present invention are:The present invention provides a kind of method for monitoring Android terminal energy and wasting attack
And system, by monitoring and obtaining Intent message and click event in real time, Intent message and click event are matched,
Trusted process is filtered out, the process not filtered is further analyzed, identifies that the malice energy on Android phone backstage wastes
Attack process simultaneously sends alarm, user can timely processing malice energy waste attack process, mobile phone energy is not disappeared maliciously
Consumption, ensure that the long-term normal table of Android phone user uses.
Brief description of the drawings
Fig. 1 is a kind of flow chart element for monitoring Android terminal energy and wasting the method embodiment of attack of the present invention
Figure;
Fig. 2 is a kind of structural frames for monitoring Android terminal energy and wasting the system embodiment of attack of the present invention
Figure;
Label declaration:
1st, first message acquisition module;2nd, the first monitoring modular;3rd, the second monitoring modular;4th, the second message capturing module;
5th, filtering module is scanned;6th, time window module;7th, matching module;8th, the first packet acquisition module;9th, the second packet obtains
Modulus block;10th, comparing module;11st, remove module;12nd, reservation module;13rd, analysis module;14th, suspicious process acquisition module;
15th, frequency statistics module;16th, alarm module.
Embodiment
To describe the technology contents of the present invention, the objects and the effects in detail, below in conjunction with embodiment and coordinate attached
Figure is explained.
The design of most critical of the present invention is:By carrying out the matching analysis, energy to Intent message and click event simultaneously
Enough identify that malice energy wastes attack process, especially can effectively identify that new malice energy wastes attack process, when
It was found that when malice energy wastes attack process, system can send alarm and reminding user, and user being capable of timely processing malice energy sky
Attack process is consumed, mobile phone energy is not consumed maliciously, ensures that the long-term normal table of Android phone user uses.
Explanation of technical terms of the present invention:
Fig. 1 is refer to, the present invention provides a kind of method for monitoring Android terminal energy and wasting attack, including:
First message hook is added in the Intent processing modules of Android application framework layers, obtains Intent message;
The second message hook is added in the WindowManagerService modules of Android application framework layers, is obtained
User clicks on event action to mobile phone;
The information that the first message hook passes over is received and handled, generates the first packet;
The information that second message hook passes over is received and handled, generates the second packet;
First packet and second packet are matched, obtains suspicious first packet;
Suspicious first packet is analyzed, obtains analysis result;
According to the analysis result, alarm is sent.
A kind of above-mentioned beneficial effect for monitoring the method that Android terminal energy wastes attack is, by monitoring in real time
And Intent message and click event are obtained, carrying out matching to Intent message and click event filters out trusted process, to not
The process filtered is further analyzed, and identifies that the malice energy on Android phone backstage wastes attack process and sends alarm,
User can timely processing malice energy waste attack process, mobile phone energy is not consumed maliciously, ensure Android phone use
The long-term normal table at family uses.
Further, described " matching first packet and second packet " is specially:
First packet, including Intent message initiator bag names and the first packet present system time;
The first packet in a default period forms first queue, takes out one first packet;
Second packet, including click on incident response procedure bag name and the second packet present system time;
The second packet in a default period forms second queue, takes out one second packet;
According to the second packet present system time, the second packet time window ranges are obtained;
If the first packet present system time falls in the second packet time window ranges,:
Compare the Intent message initiator bag names of one first packet and the click thing of one second packet
Part responder bag name;
If the click event of the Intent message initiator bag names of one first packet and one second packet
Responder bag name is identical, then:
One first packet is credible first packet;
Credible first packet is removed from first queue, otherwise:
One first packet is suspicious first packet;
Suspicious first packet is retained in first queue.
, can be by trust data by carrying out matching operation to the first packet and the second packet it was found from foregoing description
Packet filtering, retain suspicious packet and treat further to analyze.
Further, described " analyzing suspicious first packet " is specially:
Obtain the Intent message initiator bag names of suspicious first packet;
Count the calling frequency for the process that the Intent message initiators bag name refers to;
If the calling frequency for the process that the Intent message initiators bag name refers to is more than 1,:
The process that the Intent message initiators bag name refers to wastes attack process for suspicious energy, sends alarm.
It was found from foregoing description, by analyzing suspicious first packet, it can recognize that suspicious energy wastes and attack
Hit process, and send alarm sounds user, user can timely processing malice energy waste attack process, make mobile phone energy not by
Malice consumes, and ensures that the long-term normal table of Android phone user uses.
Further, further comprise before described " taking out one first packet ":
Preset time window width;
First packet, in addition to scanning filtering mark;
Obtain the scanning filtering mark of one first packet;
If the scanning filtering is labeled as non-scanning mode,:
Take out one first packet.
It was found from foregoing description, first preset time window is needed before being matched to the first packet and the second packet
Width, match the first packet and the second packet occurred in time window width range;Scanning filtering mark is recordable
One first packet whether have with the second data packet matched mistake, can avoid repeating, improve matching efficiency.
Further, described " the second packet time window ranges " are specially:
The previous of second packet time window ranges is that the second packet present system time adds time window wide
The half of degree;
The lower bound of the second packet time window ranges is that it is wide that the second packet present system time subtracts time window
The half of degree.
It was found from foregoing description, by formulating the second packet time window ranges, answering for response click event has been widened
The time range of process calling is initiated with program, can effectively avoid Intent message and click event caused by the reasons such as time delay
Between time difference and trusted process is determined as that suspicious energy wastes attack process by mistake.
Further, described " the calling frequency for counting the process that the Intent message initiators bag name refers to " is specific
For:
In unit interval, number that the Intent message initiators bag name occurs in first queue.
The preferable unit interval is 1 second, equally supports to be used as the unit interval using other time length.
, can be more accurately by counting the calling frequency of the Intent message initiators it was found from foregoing description
Identify that suspicious energy wastes attack process.
Fig. 2 is refer to, present invention additionally comprises a kind of system for monitoring Android terminal energy and wasting attack, including first
Message capturing module 1, the second message capturing module 4, the first monitoring modular 2, the second monitoring modular 3, matching module 7, analysis mould
Block 13 and alarm module 16;
The first message acquisition module 1, for adding in the Intent processing modules of Android application framework layers
One message hook, obtain Intent message;
Second message capturing module 4, for the WindowManagerService moulds in Android application framework layers
The second message hook is added in block, user is obtained and event action is clicked on to mobile phone;
First monitoring modular 2, for receiving and handling the Intent message, generate the first packet;
Second monitoring modular 3, for receiving and handling click event, generate the second packet;
The matching module 7, for matching first packet and second packet, obtain suspicious first data
Bag;
The analysis module 13, for analyzing suspicious first packet, obtain analysis result;
The alarm module 16, for according to the analysis result, sending alarm.
A kind of above-mentioned beneficial effect for monitoring the system that Android terminal energy wastes attack is, passes through the first monitoring
The monitoring modular 3 of module 2 and second monitors in real time and obtains Intent message and click event, and matching module 7 is to Intent message
Matched with click event, analysis module 13 makes further analysis to suspicious process and identifies Android phone backstage
Malice energy wastes attack process, and alarm module 16 sends alarm according to the analysis result of analysis module 13.
Further, described " matching module " includes:
First packet acquisition module 8, first queue is formed for presetting the first packet in a period, takes out one
First packet;
Second packet acquisition module 9, second queue is formed for presetting the second packet in a period, takes out one
Second packet;
Comparing module 10, for comparing the Intent message initiator bag names of the first packet and the click of the second packet
Incident response procedure bag name, if matching result is identical,:
One first packet is credible first packet, otherwise:
One first packet is suspicious first packet;
Remove module 11, for credible first packet to be removed from first queue;
Reservation module 12, suspicious first packet is retained in first queue.
, can be from the first monitoring modular 2 and the second monitoring modular by the first packet acquisition module 8 it was found from foregoing description
Received in 3 and match the first packet and the second packet, credible first packet is filtered out by remove module 11, passes through guarantor
Stay module 12 to retain suspicious data bag to treat further to analyze.
It is further, described that " analysis module 13 " includes:
Suspicious process acquisition module 14, for obtaining the Intent message initiator bag names of suspicious first packet;
Frequency statistics module 15, the calling frequency of the process referred to for counting the Intent message initiators bag name.
It was found from foregoing description, calling frequency of the suspicious process within the unit interval can be counted by frequency statistics module 15
Rate, so as to further identifying that suspicious energy wastes attack process, reduce and trusted process is mistaken for into suspicious energy wasted to attack
Hit the probability of process.
Further, in addition to:
Filtering module 5 is scanned, mark is filtered in the scanning for obtaining first packet;
Time window module 6, for obtaining the second packet time window ranges.
It was found from foregoing description, passage time window module 6 can formulate the time window scope of the second packet, Neng Gouyou
Effect avoids time difference caused by the reasons such as time delay between Intent message and click event and missing from being determined as trusted process can
Doubtful energy wastes attack process;It can avoid repeating scanned packet by scanning filtering module 5, improve
Match the efficiency of the first packet and the second packet.
Fig. 2 is refer to, embodiments of the invention one are:
Preset time window width is 5 seconds.
In 5 seconds, the Intent message one that the first monitoring modular 2 obtains from first message acquisition module 1 shares 3,
Intent message initiator bags name, present system time and scanning are filtered Label encapsulation into the first data by the first monitoring modular 2
Bag, the first packet form first queue P, and scanning filtering mark is initialized as 0, represents non-scanning mode, current first queue P
In include 3 the first packets, it is as follows:
P1={ " com.android.demo ", 154654654000,0 };
P2={ " com.test.gps ", 154654655200,0 };
P3={ " com.test.weibo ", 154654656300,0 };
Expression user's clicking operation information that the second monitoring modular 3 obtains from the second message capturing module 4 in 5 seconds
Data one share 1, and the second monitoring modular 3 will click on incident response procedure bag name and present system time is packaged into the second data
Bag, the second packet forms second queue Q, 1 the second packet is included in current second queue, as follows:
Q1={ " com.test.gps ", 154654655120 };
First packet is taken out by the first packet acquisition module 8 one by one from first queue P, takes out the first packet
The scanning filtering mark of scanning filtering the first packet of acquisition of mark 5 is first passed through before, if scanning filtering is labeled as not scanning shape
State then takes out the first packet.Second packet is taken out by the second packet acquisition module 9 one by one from second queue Q.It is logical
The time window scope that time window module 6 calculates the second packet Q1 is crossed, the second packet Q1 time window scope is
[154654652620,154654657620], matching module 7 carry out matching behaviour to the first packet P2 and the second packet Q1
Make, the first packet P2 meets that the present system time of the first packet falls in the second packet time window ranges, and logical
Cross comparing module 10 to compare Intent message initiator bag names and click on incident response procedure bag name, comparison result is identical, is said
Bright first packet P2 Intent message is likely to by user using this program of com.test.gps, and program is carried out
What clicking operation was initiated, therefore P2 is trusted operations, is moved the first packet P2 from first queue P by remove module 11
Remove.The first packet P1 and the first packet P2 in first queue P, it is unsatisfactory for matching filter condition, explanation is voluntarily to initiate
Call operation, be suspicious process, they be retained in queue P by reservation module 12, and mark is filtered in their scanning
Note is set to 1.
The the first packet P1 retained in first queue P and the first packet P2 are further divided by analysis module 13
Analysis, the first packet P1 and the first packet P2 is obtained by suspicious process acquisition module 14.First packet P1 is in first team
Occurred five times in row P, representation program " com.android.demo " initiates 5 call operations, and the first packet P1 is first
The time occurred for the first time in queue P is 154654654000, and the time that last time occurs is 154654658500, passes through frequency
The calling frequency that the first packet P1 is calculated in rate statistical module 15 is 1.11, and representation program " com.android.demo " is extremely
An inter-process calling can be carried out using Android Intent mechanism in few one second, waste attack process for suspicious energy,
Alarm module 16 shows that " program com.android.demo frequently calls the 3rd on Android phone interface to user
Equation, it is understood that there may be energy wastes attack ".First packet P3 is in queueIn occurred 2 times, representation program
" com.test.weibo " initiates 2 call operations, and the time that the first packet P3 occurs for the first time in first queue P is
154654653000, the time that last time occurs is 154654659000, therefore the first packet P3 calling frequency is
0.74, call frequency to be less than 1 in its unit interval, then it represents that " com.test.weibo " be not suspicious energy waste attack into
Journey.
In summary, a kind of method and system for monitoring Android terminal energy and wasting attack provided by the invention, for
Prior art None- identified goes out the problem of new malicious attack process;The present invention is disappeared by first message acquisition module 1 and second
Breath acquisition module 4 monitors in real time and obtains Intent message and click event, right by matching module 7 and analysis module 13
Intent message and click event are matched and analyzed, identify the malice energy on Android phone backstage waste attack into
Journey simultaneously sends alarm by alarm module 16, user after warning information is received can timely processing malice energy waste attack into
Journey, mobile phone energy is not consumed maliciously, ensure that the long-term normal table of Android phone user uses;Further, pass through
The state that filtering module 5 first judges scanning filtering mark before the first packet and the second packet is matched is scanned, is advantageous to carry
High matching efficiency;Further, passage time window module 6 formulates the second packet time window ranges, has widened response point
The application program for hitting event initiates the time range that process is called, and can effectively avoid the Intent message caused by the reasons such as time delay
Time difference between click event and trusted process is determined as that suspicious energy wastes attack process by mistake;Further,
After operation, the calling frequency in the Intent message initiator unit interval is further counted by frequency statistics module 15,
It can more accurately identify that suspicious energy wastes attack process.
Embodiments of the invention are the foregoing is only, are not intended to limit the scope of the invention, it is every to utilize this hair
The equivalents that bright specification and accompanying drawing content are made, or the technical field of correlation is directly or indirectly used in, similarly include
In the scope of patent protection of the present invention.
Claims (10)
- A kind of 1. method for monitoring Android terminal energy and wasting attack, it is characterised in that including:First message hook is added in the Intent processing modules of Android application framework layers, obtains Intent message;The second message hook is added in the WindowManagerService modules of Android application framework layers, obtains user Event action is clicked on to mobile phone;The information that the first message hook passes over is received and handled, generates the first packet;The information that second message hook passes over is received and handled, generates the second packet;First packet and second packet are matched, obtains suspicious first packet;Suspicious first packet is analyzed, obtains analysis result;According to the analysis result, alarm is sent.
- A kind of 2. method for monitoring Android terminal energy and wasting attack according to claim 1, it is characterised in that institute Stating " matching first packet and second packet " is specially:First packet, including Intent message initiator bag names and the first packet present system time;The first packet in a default period forms first queue, takes out one first packet;Second packet, including click on incident response procedure bag name and the second packet present system time;The second packet in a default period forms second queue, takes out one second packet;According to the second packet present system time, the second packet time window ranges are obtained;If the first packet present system time falls in the second packet time window ranges,:Compare the Intent message initiator bag names of one first packet and the click event of one second packet is rung Answer program-package name;If the click event response of the Intent message initiator bag names of one first packet and one second packet Program-package name is identical, then:One first packet is credible first packet;Credible first packet is removed from first queue, otherwise:One first packet is suspicious first packet;Suspicious first packet is retained in first queue.
- A kind of 3. method for monitoring Android terminal energy and wasting attack according to claim 1, it is characterised in that institute Stating " analyzing suspicious first packet " is specially:Obtain the Intent message initiator bag names of suspicious first packet;Count the calling frequency for the process that the Intent message initiators bag name refers to;If the calling frequency for the process that the Intent message initiators bag name refers to is more than 1,:The process that the Intent message initiators bag name refers to wastes attack process for suspicious energy, sends alarm.
- A kind of 4. method for monitoring Android terminal energy and wasting attack according to claim 2, it is characterised in that institute Further comprise before stating " taking out one first packet ":Preset time window width;First packet, in addition to scanning filtering mark;Obtain the scanning filtering mark of one first packet;If the scanning filtering is labeled as non-scanning mode,:Take out one first packet.
- A kind of 5. method for monitoring Android terminal energy and wasting attack according to claim 2, it is characterised in that institute Stating " the second packet time window ranges " is specially:The previous of second packet time window ranges is window width between the second packet present system time added-time Half;The lower bound of the second packet time window ranges is that the second packet present system time subtracts time window width Half.
- A kind of 6. method for monitoring Android terminal energy and wasting attack according to claim 3, it is characterised in that institute Stating " the calling frequency for counting the process that the Intent message initiators bag name refers to " is specially:In unit interval, number that the Intent message initiators bag name occurs in first queue.
- 7. a kind of Android terminal energy that monitors wastes the system of attack, it is characterised in that including first message acquisition module, Second message capturing module, the first monitoring modular, the second monitoring modular, matching module, analysis module and alarm module;The first message acquisition module, disappear for adding first in the Intent processing modules of Android application framework layers Hook is ceased, obtains Intent message;Second message capturing module, in the WindowManagerService modules of Android application framework layers The second message hook is added, user is obtained and event action is clicked on to mobile phone;First monitoring modular, for receiving and handling the Intent message, generate the first packet;Second monitoring modular, for receiving and handling click event, generate the second packet;The matching module, for matching first packet and second packet, obtain suspicious first packet;The analysis module, for analyzing suspicious first packet, obtain analysis result;The alarm module, for according to the analysis result, sending alarm.
- A kind of 8. system for monitoring Android terminal energy and wasting attack according to claim 7, it is characterised in that institute Stating " matching module " includes:First packet acquisition module, first queue is formed for presetting the first packet in a period, takes out one first Packet;Second packet acquisition module, second queue is formed for presetting the second packet in a period, takes out one second Packet;Comparing module, rung for comparing the Intent message initiator bag names of the first packet and the click event of the second packet Program-package name is answered, if matching result is identical,:One first packet is credible first packet, otherwise:One first packet is suspicious first packet;Remove module, for credible first packet to be removed from first queue;Reservation module, for suspicious first packet to be retained in first queue.
- A kind of 9. system for monitoring Android terminal energy and wasting attack according to claim 7, it is characterised in that institute Stating " analysis module " includes:Suspicious process acquisition module, for obtaining the Intent message initiator bag names of suspicious first packet;Frequency statistics module, the calling frequency of the process referred to for counting the Intent message initiators bag name.
- 10. a kind of system for monitoring Android terminal energy and wasting attack according to claim 7, it is characterised in that also Including:Filtering module is scanned, mark is filtered in the scanning for obtaining first packet;Time window module, for obtaining the second packet time window ranges.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610421647.0A CN107491692B (en) | 2016-06-13 | 2016-06-13 | Method and system for monitoring energy-empty consumption attack of Android terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610421647.0A CN107491692B (en) | 2016-06-13 | 2016-06-13 | Method and system for monitoring energy-empty consumption attack of Android terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107491692A true CN107491692A (en) | 2017-12-19 |
CN107491692B CN107491692B (en) | 2020-07-28 |
Family
ID=60642225
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610421647.0A Active CN107491692B (en) | 2016-06-13 | 2016-06-13 | Method and system for monitoring energy-empty consumption attack of Android terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107491692B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104239794A (en) * | 2014-09-10 | 2014-12-24 | 广东欧珀移动通信有限公司 | Method and device for intercepting application to maliciously open browser |
US20150128283A1 (en) * | 2013-11-07 | 2015-05-07 | Fujitsu Limited | Energy usage data management |
CN105550574A (en) * | 2015-12-11 | 2016-05-04 | 南京大学 | Side-channel attack evidence collecting system and method based on memory activity |
-
2016
- 2016-06-13 CN CN201610421647.0A patent/CN107491692B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150128283A1 (en) * | 2013-11-07 | 2015-05-07 | Fujitsu Limited | Energy usage data management |
CN104239794A (en) * | 2014-09-10 | 2014-12-24 | 广东欧珀移动通信有限公司 | Method and device for intercepting application to maliciously open browser |
CN105550574A (en) * | 2015-12-11 | 2016-05-04 | 南京大学 | Side-channel attack evidence collecting system and method based on memory activity |
Also Published As
Publication number | Publication date |
---|---|
CN107491692B (en) | 2020-07-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102209326B (en) | Malicious behavior detection method and system based on smartphone radio interface layer | |
US9069957B2 (en) | System and method of reporting and visualizing malware on mobile networks | |
US9191823B2 (en) | Mobile device and method to monitor a baseband processor in relation to the actions on an applicaton processor | |
CA2701689C (en) | System and method of malware sample collection on mobile networks | |
EP2680182B1 (en) | Mobile device and method to monitor a baseband processor in relation to the actions on an application processor | |
US20080196104A1 (en) | Off-line mms malware scanning system and method | |
CN108256321A (en) | A kind of big data safety precaution supervision and aware platform | |
CN107016284A (en) | A kind of data communications equipment CPU front ends dynamic protection method and system | |
WO2007070612A3 (en) | Methods, systems, and computer program products for detecting and mitigating fraudulent message service message traffic | |
CN101384054A (en) | Method for network exception condition monitoring through performance data | |
CN101150586A (en) | CC attack prevention method and device | |
CN106937007A (en) | System, method and device that a kind of harassing call is reminded | |
CN106911675B (en) | A kind of mobile phone Malware method for early warning and device | |
CN107135127A (en) | A kind of network flow abnormal detecting method and device | |
CN107733834A (en) | A kind of leakage prevention method and device | |
CN106027549A (en) | Early warning method and device for address resolution protocol (ARP) flooding attacks in local area network | |
CN105075189B (en) | Receive communication event | |
CN107491692A (en) | A kind of method and system for monitoring Android terminal energy and wasting attack | |
CN106203067B (en) | A kind of method for cleaning and device of application program | |
CN105357387B (en) | A kind of method, apparatus and system for waking up terminal | |
CN101917445B (en) | Method for detecting denial of service attack of number segment in soft switching platform | |
CN104506413B (en) | Method, server and the terminal of information processing | |
CN107371141B (en) | Junk information monitoring method and device and communication system | |
CN105227789A (en) | A kind of hold-up interception method of harassing call and device | |
CN102567684A (en) | Anti-installation method of X-undercover wiretapping type software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |